# Blame: Kyle Swenson | 8d8f654 | 2021-03-15 11:02:55 -0600
config EVM
	bool "EVM support"
	select KEYS
	select ENCRYPTED_KEYS
	select CRYPTO_HMAC
	select CRYPTO_SHA1
	default n
	help
	  EVM protects a file's security extended attributes against
	  integrity attacks.

	  If you are unsure how to answer this question, answer N.

config EVM_ATTR_FSUUID
	bool "FSUUID (version 2)"
	default y
	depends on EVM
	help
	  Include filesystem UUID for HMAC calculation.

	  Default value is 'selected', which is former version 2.
	  if 'not selected', it is former version 1

	  WARNING: changing the HMAC calculation method or adding
	  additional info to the calculation, requires existing EVM
	  labeled file systems to be relabeled.

config EVM_EXTRA_SMACK_XATTRS
	bool "Additional SMACK xattrs"
	depends on EVM && SECURITY_SMACK
	default n
	help
	  Include additional SMACK xattrs for HMAC calculation.

	  In addition to the original security xattrs (eg. security.selinux,
	  security.SMACK64, security.capability, and security.ima) included
	  in the HMAC calculation, enabling this option includes newly defined
	  Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
	  security.SMACK64MMAP.

	  WARNING: changing the HMAC calculation method or adding
	  additional info to the calculation, requires existing EVM
	  labeled file systems to be relabeled.

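The WARNING in both help texts follows from how a keyed MAC behaves: any change to the set of inputs changes the result, so labels written under the old setting no longer verify. The Python sketch below is an added example, not kernel code; it is a simplified model whose byte layout, key, UUIDs, inode metadata and xattr values are all constructed assumptions.

```python
import hashlib
import hmac
import struct
import uuid

# xattr names from the help text; EXTRA_SMACK is what CONFIG_EVM_EXTRA_SMACK_XATTRS adds.
BASE = ["security.selinux", "security.SMACK64", "security.capability", "security.ima"]
EXTRA_SMACK = ["security.SMACK64EXEC", "security.SMACK64TRANSMUTE", "security.SMACK64MMAP"]

# Constructed sample data (not taken from any real system).
KEY = b"constructed-demo-hmac-key"
FS_A = uuid.UUID("00000000-0000-4000-8000-00000000000a")
FS_B = uuid.UUID("00000000-0000-4000-8000-00000000000b")
META = (1234, 1, 0, 0, 0o100755)  # ino, generation, uid, gid, mode
XATTRS = {"security.selinux": b"system_u:object_r:bin_t:s0\x00", "security.SMACK64EXEC": b"Demo"}


def evm_hmac(xattrs, fs_uuid, attr_fsuuid=True, extra_smack=False, key=KEY, meta=META):
    """Model of the label: HMAC-SHA1 over xattr values, inode metadata, optional fs UUID."""
    mac = hmac.new(key, digestmod=hashlib.sha1)
    for name in BASE + (EXTRA_SMACK if extra_smack else []):
        if name in xattrs:  # absent xattrs contribute nothing in this model
            mac.update(xattrs[name])
    mac.update(struct.pack("<QIIIH", *meta))
    if attr_fsuuid:  # CONFIG_EVM_ATTR_FSUUID=y ("version 2")
        mac.update(fs_uuid.bytes)
    return mac.digest()


def verifies(stored, xattrs, fs_uuid, **cfg):
    """Recompute under the running kernel's configuration and compare in constant time."""
    return hmac.compare_digest(stored, evm_hmac(xattrs, fs_uuid, **cfg))


def stale_labels():
    """Return which configuration changes invalidate a label written earlier."""
    v1 = evm_hmac(XATTRS, FS_A, attr_fsuuid=False)
    v2 = evm_hmac(XATTRS, FS_A)
    return {
        "v1 label, FSUUID enabled": not verifies(v1, XATTRS, FS_A),
        "v2 label, copied to other fs": not verifies(v2, XATTRS, FS_B),
        "v2 label, extra Smack enabled": not verifies(v2, XATTRS, FS_A, extra_smack=True),
        "v2 label, unchanged config": not verifies(v2, XATTRS, FS_A),
    }


if __name__ == "__main__":
    for case, stale in stale_labels().items():
        print(f"{case}: {'relabel needed' if stale else 'verifies'}")
```

In this model a file that carries none of the three extra Smack xattrs keeps a valid label when that option is toggled, while every label is affected by the FSUUID setting.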